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Introduction 


Endpoint protection has featured too many standalone options for too long. 
Vendors are starting to recognize the value of consolidating capabilities. 


This Research Is Designed For: 


V Enterprises seeking to select a solution for 
endpoint protection. 


v Their endpoint protection use case may 
include: 


e Enterprises looking for a centrally managed 
solution that will provide protection for a 
variety of devices from laptops to mobile 
devices. 


e Enterprises that are migrating from 
standalone capabilities like DLP or WCF, to 
a consolidated solution. 
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This Research Will Help You: 
v Understand what’s new in the endpoint 
protection market. 


v Evaluate endpoint protection vendors and 
products for your enterprise needs. 


v Determine which products are most appropriate 
for particular use cases and scenarios. 


Info-Tech Research Group 


Market overview 


How it got here 


e Threat complexity increased from the first 1980s’ attacks 


Where it’s going 


e Similar to most security solutions, the movement has 


like Melissa and Love Bug, first with polymorphic 
viruses, and more recently, Advanced Persistent Threats 
(APTs) affecting both large-scale organizations, as seen 
in news headlines, and regular organizations. 

To combat these threats, the first commercial anti-virus 
scanners were released in the early 90s. Over time, 
these early tools gained an inordinate number of 
competitors. Tools themselves have added capability 
after capability as the malware writers evolve their craft 
and push the bounds of what viruses, worms, and other 
malware can do. 

In the past, it was customary to have standalone 
solutions for anti-malware, encryption, and more, but as 
the landscape became more complicated, organizations 
needed a streamlined way to manage their solutions, 
while also offering the same robust security capabilities. 


been in the direction of increased consolidation. 
Endpoint anti-malware solutions and endpoint 
encryption solutions have now become comprehensive 
endpoint protection suites, wrapping up other data- 
related and content control security capabilities such as: 


o Removable device content control 
o Removable media encryption 


o URL filtering/web control 


e With APTs not going away any time soon, organizations 


are recognizing the need to take a proactive and holistic 
approach to their security. Vendors can expect to find 
more ways to consolidate and provide single pane-of- 
glass central management. 


As the market evolves, capabilities that were once cutting edge become default and new functionality 
becomes differentiating. Full disk encryption has become a Table Stakes capability and should no longer be 
used to differentiate solutions. Instead focus on removable device content control and removable media 
encryption to get the best fit for your requirements. 
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Endpoint Protection criteria & weighting factors 


Product Evaluation Criteria 









Criteria Weighting 





The solution provides basic and advanced Features 


Features feature/functionality. 


Usability 

30% 

Wsabilit The end-user and administrative interfaces are 
SEIU] intuitive and offer streamlined workflow. 
P ae Implementing and operating the solution is 20% 20% 

Affordability affordable given the technology. Architecture Affordability 


Multiple deployment options and extensive Product 
integration capabilities are available. 


50% 
Vendor Evaluation Criteria 
50% 


Architecture 


Viabilit Vendor is profitable, knowledgeable, and will be 
lad lity around for the long term. 





Strat Vendor is committed to the space and has a Vendar 
alegy future product and portfolio roadmap. Viability OON _ Strategy 
Reach Vendor offers global coverage and is able to sell i 30% } 
SEC and provide post-sales support. À | 


Vendor channel strategy is appropriate and the 


Channel channels themselves are strong. 


15% 


Channel % 
oc Reach 
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The Info-Tech Endpoint Protection Vendor Landscape 


The zones of the Landscape 


The Info-Tech Endpoint Protection 
Vendor Lan 
Champions receive high scores for most evaluation endor Eands cape 


criteria and offer excellent value. They have a strong 
market presence and are usually the trend setters LEADING PRODUCT 
for the industry. 





Market Pillars are established players with very 


strong vendor credentials, but with more average Sophos @ @ Trend Micro 
product scores: INNOVATOR DHAMRION 
Innovators have demonstrated innovative product 
strengths that act as their competitive advantage in @ Kasperksy 
appealing to niche segments of the market. 
i i TRAILING VENDOR LEADING VENDOR 

Emerging Players are comparatively newer Lum ALNG VENDOR on McAfee @ 
vendors who are starting to gain a foothold in the e 
marketplace. They balance product and vendor 5 i 
attributes, though score lower relative to market (Endpoin ‘i 
Champions. Protection) 

=! 3°14 (4 \ (? |] IRKE 

EMER ING Site IhN 

p (WED P i, 
Check Point @ rg- Suinantec 


(Encryption) 


TRAILING PRODUCT 
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Trend Micro offers the full package in endpoint 


protection 


? Champion 


Product: Smart Protection for 
Endpoints 
Employees: 5,217 
Headquarters: Tokyo, Japan 
Website: trendmicro.com 
Founded: 1988 
Presence: TYO:4704 


TREND 
M RO 


IC 





3 year TCO for this solution falls into pricing 
tier 5, between $50,000 and $100,000 


enil 


$14. > $2.5M+ 
Pricing provided by vendor 
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Overview 


e One of the largest endpoint security providers, Trend Micro offers 
comprehensive advanced threat and data protection for desktops 
to mobile devices. 


e Trend Micro’s Smart Protection for Endpoints offers one of the 
strongest advanced feature sets of the solutions evaluated, 
including removable device content control and URL filtering and 
web control. 

e The product has one of the most interactive and intuitive 
interfaces. It offers user-centric visibility which means admins can 
see all users in the environment and the devices/end points 
associated with them. Finally, it offers hybrid cloud management 
and licensing. 


Challenges 


e Trend Micro has recently been looking to improve their partner 
program. To address this, they are launching a new program in 
July 2014. 
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Even from a vendor standpoint, Trend Micro is one of the 
strongest players 


Vendor Landscape Product 





Vendor 






Overall Viability f Strategy 


(J 
INNOVATOR: MAMEA ON 
In Alignment With Your Organization’s Overall Security Strategy and Infrastructure 
e Trend Micro Smart Protection for Endpoints can 
TRAILING VENDOR LEADING VENDOR a ` 
Data Loss Prevention Cloud-Based encrypt folders and any files that fall into those folders 
Strategy Deployment as well as removable media. 
* The integrated DLP provides visibility and control of 
EMERGING WULG Y Y data to and from USB ports, CD/DVDs, LPT ports, 
BEM Bi JEN} removable disks, cloud syncing applications, etc. Also 
- collaborates with other Trend Micro security solutions. 
Vulnerability/System On-Premise The vulnerability protection provides virtual patch 
TRAILING PRODUCT Management Strategy Deployment 


deployment and zero-day protection. 
The application control provides whitelisting via cloud- 
Y Y based categories and system lockdown. 
Value Index * Trend Micro offers both on-premise and cloud-based 
options for organizations. 
ami out of 9 FFE Eneypion Content  PotContol Patch Mgmt. App White URL Ciud 


Info-Tech Recommends: 


Organizations looking for a comprehensive and affordable solution will find all of their requirements met 
with Trend Micro’s Smart Protection for Endpoints. Not only does it have a full feature set, it also has an 
interactive interface; it is an ideal option for a wide range of organizations. 
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This highly consolidated security suite helps enhance your 


overall risk management capabilities 


Only one vendor evaluated had all of the advanced features as part of its 
endpoint protection product. 





Why Scenarios? 


In reviewing the products included 
in each Vendor Landscape™, 
certain use cases come to the 
forefront. Whether those use cases 
are defined by applicability in 
certain locations, relevance for 
certain industries, or as strengths in 
delivering a specific capability, Info- 
Tech recognizes those use cases 
as Scenarios, and calls attention to 
them where they exist. 


Exemplary Performers 


CHSOHSHSHEHSHSHSHSEHSHSHHEHSHHHHSHHHHSHHEHHHHHEHHHSEHHHHHHHOHHOHCHHEHEEOHEHSESEEOSESOEOLEEBEOLEHEEOECEE 


Trend Micro offers a complete advanced features set, 
including removable media encryption, removable 
device content control, port control, patch 
management, and more. The product’s robustness is 
indicative that Trend Micro is recognizing the ever- 
changing needs of its customers and addressing 
them in a comprehensive solution that also scores 
high in overall usability. 
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Data is no longer static and solutions must protect it now that 
it is often in transit 


Solutions with removable device content control and removable media 
encryption are equipped to deal with data on the move. 


Both features 


ARKON:... [djLumension SOPHOS 
Ü Symantec Ü symantec Ø) TREND 


(Endpoint Protection) (Endpoint Encryption) 


4 Removable media encryption onl 
Why Scenarios? | ———_—(‘“éh twee cc sncescne ences te eseaee'e YPT OU sciuiidesnduimtivatinadeanedeaecoe 

In reviewing the products included Check Point 

in each Vendor Landscape™, 

certain use cases come to the 





forefront. Whether those use cases KASPERSKY 

are defined by applicability in 

certain locations, relevance for Removable device content control only 

certain industries, or as strengths in (i(C*«‘ Teeth HN TERT TCC tH Rete en eceecenetcccnencveneesereteecceseecceseseeseeec ens 
delivering a specific capability, Info- Y McAfee 

Tech recognizes those use cases EEEa 


as Scenarios, and calls attention to 
them where they exist. 
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Organizations need solutions that can integrate with more 
than one platform, especially with mobile devices in the mix 


Solutions that can work with different operating systems and a variety of 
mobile devices will be more attractive in today’s diverse landscape. 


All (Windows, Mac, mobile devices) 


KASPERSKY SOPHOS 
Y McAfee gy TREND 


An Intel Company 





Why Scenarios? „Wind ows/Mac E EE E E 
In reviewing the products included (Ú Symantec (Č symantec 
in each Vendor Landscape™, (Endpoint Protection) (Endpoint Encryption) 
certain use cases come to the 
forefront. Whether those use cases 
are defined by applicability in 
certain locations, relevance for Windows only 
certain industries, or as strengths in (tC*«S TA TNT e ENTE SHEET eeeeeseeeeeereeeeeeeeereeereseeeeeeeeeeeeeeeeereeeeeeeeeseees 
delivering a specific capability, Info- ARKQDN -21 [d Lumension 
Tech recognizes those use cases Nit WORK SECURITY TS E 
as Scenarios, and calls attention to 
them where they exist. Check Point 
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Table Stakes represent the minimum standard; without these, 
a product doesn’t even get reviewed 





The Table Stakes What does this mean? 
oper The products assessed in this Vendor 

Feature What it is: Landscape™ meet, at the very least, the 

i a requirements outlined as Table Stakes. 
Signature Sees a Black-listing, white-listing, and pattern-matching 
behavioral anti- a 
manire abilities — the essence of AV. Many of the vendors go above and beyond the 
Signature-based & a ane outlined Table Stakes, some even do so in 
behavioral anti- Recognition, restriction, and removal of multiple categories. This section aims to 
spyware information gathering software. highlight the products’ capabilities in excess 


a l , of the criteria listed here. 
Ability to actively recognize and respond to 


FBS inappropriate inbound traffic. 
Host FW Rules-based control of the traffic and actions 
allowed at the endpoint. 
Full-disk Offers full-disk option that encrypts the entire 
: physical disk as opposed to specific files or 
encryption 
folders. 
InfoTech If Table Stakes are all you need from your endpoint protection solution, the only true differentiator for the 
Insight organization is price. Otherwise, dig deeper to find the best price to value for your needs. 
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Advanced Features are the capabilities that allow for granular 
market differentiation 


Scoring Methodology Advanced Features 


Info-Tech scored each vendor’s features 
offering as a summation of its individual scores 
across the listed advanced features. Vendors 
were given one point for each feature the 
product inherently provided. Some categories 
were scored on a more granular scale with 
vendors receiving half points. 


Feature What we looked for: 





File/folder Protection for files and folders wherever they’re 
encryption stored — laptops, desktops, mobile devices, etc. 


Ability to encrypt removable devices such as 
USB devices, etc. Devices can be used on other 
workstations without other software. 

Integrated DLP capabilities, allowing for control 
and policing of data as it moves to and from 
removable devices. 


Removable media 
encryption 


Removable device 
content control 


Refers to ability to control whether USB ports 


Port control k 
CEP CORUS are active or not. 


Capability to identify what kind of patches are 


PENNS missing. Can control how to patch systems. 
eee Allow a user or admin the ability to grant 
Application le ‘ Bee : 
Ee permission to particular applications in order for 
whitelisting 


them to run. 
URL filtering/web Blocking of web traffic that may be harmful, 
control offensive, or legally inappropriate. 


Cloud deployment Availability of opportunity to deploy endpoint 
options protection in the cloud. 
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Executive summary 


Info-Tech evaluated nine competitors in the endpoint 
protection market, including the following notable 
performers: 


Champions: 


e Trend Micro has a total package of fully advanced features and a 
decent price amongst competitors. 
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Protect data on the move: 


Most devices in today’s workplace are 
mobile, so protection can no longer be 
static. Removable device encryption and 
content control must extend beyond laptops 
to USB and mobile devices to ensure holistic 
protection. 


Interfaces need to be interactive: 


With the myriad of information that admins 
must parse through on a daily basis, it’s 
imperative that today’s endpoint solutions — 
as they consolidate multiple capabilities 
under one view — be seamless and 
straightforward, with the ability to monitor 
activities and do deeper dive analysis in real 
time. 


3. Expanded platform integration is key: 


It’s no longer acceptable for products to 
simply be compatible with Windows. They 
also need to work with Mac, Linux, and 
mobile platforms. 
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Endpoint Protection vendor selection / knock-out criteria: 
market share, mind share, and platform coverage 


e Endpoint Protection reflects an ever-consolidating market of security tools. Wrapping up anti-malware, web content 
filtering, and other capabilities into one centrally managed solution demonstrates that today’s customers want an all-in- 
one option for their endpoints. 


e For this Vendor Landscape, Info-Tech focused on those vendors that offer broad capabilities across multiple platforms 
and that have a strong market presence and/or reputational presence among mid and large-sized enterprises. 


Included in this Vendor Landscape: 


e Arkoon. 

e Check Point. 
e Kaspersky. 

e Lumension. 
e McAfee. 

e Sophos. 

e Symantec. 


e Trend Micro. Strong feature set from a highly viable vendor in the space. 
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Each vendor offers a different feature set; concentrate on what 
your organization needs 





Evaluated Features 





























Arkoon O @ OC © O @ @ @ 
Check Point © © O @ O O O O 
Kaspersky © @ O © © O © O 
Lumension O @ @ O © O © @ 
McAfee OC) © O O O O © © 
Sophos C) @ © @ @ O © @ 
Symantec 
(Endpoint © OC) © © © O © O 
Protection) 
S t 
cmon! @ | @ DESSAN |e @ 86 @ MASS 
Trend Micro © O © @ © © © OC 





=Feature fully present =Feature partially present/pending =Feature absent 
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Balance individual strengths to find the best fit for your 


Vendor 


enterprise 





Product 


mon EON © 
Check Point* GS GS 


Kaspersky D 
Lumension O 


McAfee* 


Symantec 
(Endpoint 
Protection)* 
Symantec 
(Encryption)* 


Trend Micro e © 


*The vendor declined to provide pricing and publicly available pricing could not be found. 
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